From 5a0699c705177d4a3c6a35c95a92d0be3ec378a6 Mon Sep 17 00:00:00 2001
From: jiangtaoli2016 <jiangtao@google.com>
Date: Tue, 29 Jan 2019 15:24:24 -0800
Subject: [PATCH] Allow trust anchor in gRPC ssl transport security

---
 src/core/tsi/ssl_transport_security.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/core/tsi/ssl_transport_security.cc b/src/core/tsi/ssl_transport_security.cc
index fb6ea192106..b18da575382 100644
--- a/src/core/tsi/ssl_transport_security.cc
+++ b/src/core/tsi/ssl_transport_security.cc
@@ -651,6 +651,8 @@ static tsi_result ssl_ctx_load_verification_certs(SSL_CTX* context,
                                                   STACK_OF(X509_NAME) *
                                                       *root_name) {
   X509_STORE* cert_store = SSL_CTX_get_cert_store(context);
+  X509_STORE_set_flags(cert_store,
+                       X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_TRUSTED_FIRST);
   return x509_store_load_certs(cert_store, pem_roots, pem_roots_size,
                                root_name);
 }